[nsp] 7600 and ACLs

Ash Garg ash@telstra.net
Wed, 6 Nov 2002 13:44:34 +1100 

yeah... that's what currently allow all the packets to be processed
properly. Somewhere their hardware implementation seems to be broken :-(

Removing the log gives very weird results...

Ash

                                           \\\|||///
                                          \\  ^ ^  //
                                           (  6 6  )
-----------------------------------------oOOo-(_)-oOOo---
Ash Garg                             5/490 Northbourne Ave
Network Specialist                   DICKSON 2602
Internet Network Development
Telstra

Email: <<mailto:Ash.Garg@telstra.net>>
BH:  +612 6208 1994
Mob: 0408 687 642
Fax: +612 6248 6165

The best way to publicize a governmental or political
action is to attempt to hide it. -Mark B. Cohen
----------------------------------------------------------

-----Original Message-----
From: Vicky O. Mair [mailto:vickyr@socal.rr.com]
Sent: Wednesday, 6 November 2002 1:31 PM
To: ash@telstra.net; cisco-nsp@puck.nether.net
Subject: RE: [nsp] 7600 and ACLs


hi,

hmm....not sure if 'established' keyword is needed in your case but
something to be aware of (which i'm sure you are) that the 'log' keyword
will drop the packets in process switching mode.

/vicky

-----Original Message-----
From: cisco-nsp-admin@puck.nether.net
[mailto:cisco-nsp-admin@puck.nether.net]On Behalf Of Ash Garg
Sent: Tuesday, November 05, 2002 2:22 PM
To: cisco-nsp@puck.nether.net
Subject: [nsp] 7600 and ACLs


Has anyone had problems with acls applied to vlan interfaces on a 7600
running Native IOS? We have tried two different IOSs: 12.1(8b)e9 &
12.1(11b)e7 with little difference.

The problem we notice is that TCP SYN packets aren't passed thru without the
use of the "log" key word. When you put in the log keyword, the packets pass
thru the interface without a problem...

Ash



                                           \\\|||///
                                          \\  ^ ^  //
                                           (  6 6  )
-----------------------------------------oOOo-(_)-oOOo---
Ash Garg                             5/490 Northbourne Ave
Network Specialist                   DICKSON 2602
Internet Network Development
Telstra

Email: <<mailto:Ash.Garg@telstra.net>>
BH:  +612 6208 1994
Mob: 0408 687 642
Fax: +612 6248 6165

The best way to publicize a governmental or political
action is to attempt to hide it. -Mark B. Cohen
----------------------------------------------------------

_______________________________________________
cisco-nsp mailing list  real_name)s@puck.nether.net
http://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/